Specify the Active Directory users that require multi-factor authentication.
This parameter is only for autozone and classic zone.
By default no Active Directory user require multi-factor authentication. When you specify one or more users in this parameter, the users specified will require multi-factor authentication.
You specify users by name or you can list the user names in a file. The user name can be specified in any of the following formats:
- sAMAccountName
- [email protected]
(specify the domain if the account is not in the current domain)
- UPN
- distinguishedName
- canonicalName
- *
(this includes all AD users)
If a name contains space characters, you can put the name in double quotes or escape the space characters using backslashes:
e.g. "Krusty T. Clowns", Jane\ Doe
You can enter the list of users separated by comma, for example:
joe, janedoe, user1, [email protected]
You can also use a file to specify users. In the file, enter each name line by line. You can mix name formats, for example:
joe
janedoe
user1
[email protected]
This policy modifies the adclient.legacyzone.mfa.required.users setting in the Centrify DirectControl configuration file.